SecurityWeek

Security Firm Dangles $500,000 for iOS 0-Days

Researchers looking to cash in on working exploits for 0-day and N-day vulnerabilities can now turn to a new bounty program from Exodus Intelligence, which is offering up to $500,000 for certain exploits.

Exodus Intelligence’s Research Sponsorship Program (RSP), which is focused on acquiring vulnerability research and exploits, is now looking for exploits for both zero-day and N-day vulnerabilities, the company announced.

The bounties promised by the company are substantial: working Apple iOS exploits can earn researchers up to $500,000, while working Microsoft Edge exploits could go for as much as $125,000. 

Exodus also reveals that a new bonus structure is rolling out for the acquisition of research and exploits for 0-day vulnerabilities. The company will offer the researcher an initial payment for each new 0-day acquired, but only after the request has been reviewed and accepted, and might also send the researcher additional payments for every quarter the zero-day exploit is still alive.

News of the program comes less than a week after Apple announced that it would offer up to $200,000 for finding vulnerabilities in its products.

“The specific values of the initial payment and quarterly bonus will be included in an offer presented to the researcher, following the review of their work. Additionally, Exodus also offers payment in the form of Bitcoin for Zero-Day research,” the company says.

The RSP website is where the 0-day hitlist can be found, and developers interested in entering the program should register there. Even researchers focused on different areas are encouraged to contact Exodus for consideration.

Interested developers should submit their research through the RSP website and the company promises a response within 10 business days. Depending on the completeness of the research, larger payments could be offered, and researchers might also receive public acknowledgement, if desired, Exodus says.

The $500,000 payout for iOS exploits matches that offered by exploit acquisition firm Zerodium in a program announced late last year. For a short period, Zerodium even offered up to $1 million for an iOS 9 exploit, which was awarded to Pangu Team, a Chinese group specializing in iOS jailbreaks.

When it comes to N-day exploits, Exodus says it would consider and purchase only fully functional exploits.

“Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry. This additional source of research, supplemented by the investigation and validation of our world-class team, will continue to ensure that our clients receive early notification of the most critical vulnerabilities so that they can offer the best defense possible,” Logan Brown, President, Exodus Intelligence, says.
